Posted on 12/08/2005 4:06:06 PM PST by zeugma
Exploit code for the latest version of open-source browser Firefox was published Wednesday, potentially putting users at risk of a denial-of-service attack.
The exploit code takes advantage of a bug in the recently released Firefox 1.5, running on Windows XP with Service Pack 2. Firefox, which initially debuted over a year ago, has moved swiftly to capture 8 percent of the browser market.
The latest Firefox flaw exists in the history.dat file, which stores information from Web sites users have visited with the Firefox 1.5 browser, according to a posting on the Internet Storm Center, which monitors online threats.
"If the topic of a page is crafted to be long enough, it will crash the browser each time it is started after going to such a page," according to the Internet Storm Center posting. "Once this happens, Firefox will be unable to be started until you erase the history.dat file manually."
In testing Firefox 1.5 without a system running McAfee security software, the Firefox 1.5 browser would stall and not respond to a user's mouse, said Johannes Ullrich, chief research officer for the Sans Institute, which runs the Internet Storm Center.
"Users have to kill out of the browser and start over again. This stalled browser creates a DOS (denial of service) condition," Ullrich said.
Packet Storm, the security group that initially published the proof-of-concept exploit code, noted that in addition to the potential denial-of-service attack that could follow a buffer overflow, systems may also be subject to a malicious execution of code.
Ullrich, however, said while the potential may exist, it has not been proven either way that malicious code could be executed.
Mozilla Foundation, which released Firefox, said it was not able to confirm the browser would crash or be at risk of a DOS attack, after visiting certain Web sites. And Mozilla has not received any reports from users of such a problem, said Mike Schroepfer, vice president of engineering for Mozilla Corp.
He added that Firefox 1.5 can be sluggish on its next start-up, due to a bug in the history.dat, but it is not a security problem.
"We have gotten no independent verification that it crashes (Firefox), but there have been a lot of attempts to try," Schroepfer said.
Just more of your lies, obviously.
http://www.opensecrets.org/indivs/search.asp?NumOfThou=0&txtName=gates%2C+william&txtState=WA&txtZip=&txtEmploy=&txtCand=&txt2004=Y&Order=N
From FLAMING DEATH's search--Microsoft contributed 10 times the amount at $704,702
So take some solace that they are indeed contributing to the Republican Party. But they're trying to elect Democrats.
Try $1,594,135
http://www.opensecrets.org/parties/contrib.asp?Cmte=RPC&Cycle=2000
and $1,942,751
http://www.opensecrets.org/parties/contrib.asp?Cmte=RPC&Cycle=2002
out for size why don't you?
I don't care if it was one damn dollar. None of my money is going through my software to the Democrats. You can't say the same.
PS. You can't discredit my source as a lie by posting from the same source. That's a weak tactic that you use pretty often. It doesn't help you.
OK. I can't face up to such eloquent, logical, and indisputable logic. You've convinced me that I'm wrong.
If you'd used that argument earlier, we could've saved all of us a lot of heartache and sorrow.
Poor guy. That's all he's got left...posting little cartoon pictures to try to salvage some small victory out of his own defeat.
He's tried to paint me as a communist, when in fact he's the only one whose software dollars go to China. He's called me a Democrat sympathizer, yet he's the one whose money goes to the Dems.
I'd feel sorry for him if he wasn't such a hateful hypocrite.
bump
How's that? My software dollars don't go to China, but you do support China and Cuba and Vietnam getting free software. Seems pretty simple to me.
He's called me a Democrat sympathizer
No I didn't, I said you behaved just like one. Lot worse.
Thanks for your help, Golden Eagle!
Thanks, Golden Eagle!
Here's those links he never responded to, you're welcome to try as well.
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=102x665385
http://europa.eu.int/idabc/en/document/1736/531
http://www.eweek.com/article2/0,1759,1617712,00.asp?kc=EWNKT0209KTX1K0100440
http://ianmurdock.com/?p=54
http://weblog.flora.org/article.php3?story_id=552
http://zgp.org/linux-elitists/p05210612bb7d87639a93@[192.168.1.101].html
http://www.linuxlinks.com/portal/news/article.php?story=20050624042207848&mode=print
http://www.linuxpipeline.com/42700029
http://www.oreillynet.com/pub/wlg/5279
http://www.linuxjournal.com/article/7239
http://asia.cnet.com/news/software/printfriendly.htm?AT=39146335-39001094t-39000001c
http://slashdot.org/articles/99/11/10/1457205.shtml
http://linux.slashdot.org/linux/05/05/19/1213245.shtml?tid=106&tid=219
http://slashdot.org/articles/03/10/30/1435248.shtml
http://www.iranian.ws/cgi-bin/iran_news/exec/view.cgi/2/3822
http://linuxtoday.com/news_story.php3?ltsn=2002-08-30-011-26-NW-LL-PB
http://slashdot.org/articles/03/05/01/1148227.shtml?tid=103&tid=99
http://www.zdnet.co.uk/print?TYPE=story&AT=2133230-39020381t-10000002c
http://www.pcworld.com/reviews/article/0,aid,104039,src,ov,00.asp
http://www.usatoday.com/tech/news/techpolicy/2003-10-20-open-source-mass_x.htm
http://www.newsforge.com/business/04/02/27/2329240.shtml
Sure. I guess when you buy Microsoft, you call Bill and tell him you're sending a couple hundred his way...see to it that it DOESN'T end up as part of Microsoft's multimillion dollar investment in China, right?
"No I didn't, I said you behaved just like one. Lot worse."
Yeah, right. Put your money where your mouth is, loser.
Ahhh...the skipping CD routine again.
At this point, why don't you just get a trained monkey to pound on the keyboard for you? It'd be more coherent and far more interesting to boot.
Howard Dean? You mean the same leftist that calls his campaign "open source politics"? The same guy whose campaign manager used to work for a Linux company? The same guy that runs all his servers on open source? The same guy that named a DNC website "DemZilla"? That Howard Dean?
http://www.demzilla.org
http://ianmurdock.com/?p=54
http://zgp.org/linux-elitists/p05210612bb7d87639a93@[192.168.1.101].html
http://www.linuxlinks.com/portal/news/article.php?story=20050624042207848&mode=print
"Howard Dean? You mean the same leftist that calls his campaign "open source politics"? The same guy whose campaign manager used to work for a Linux company? The same guy that runs all his servers on open source? The same guy that named a DNC website "DemZilla"? That Howard Dean?"
The guy whose political party you fund when you buy software?
Yeah!
That Howard Dean!
Pittance compared to what other companies are investing. They're not giving software away to Fidel Castro and the Vietcong though, which is what you support.
Your own links showed Microsoft gave more to Republicans overall the last few elections. Can't you ever get anything right?
Those other companies aren't investing MY dollars, though.
Put your money where your mouth is.
(Denny Crane: "I Don't Want To Socialize With A Pinko Liberal Democrat Commie. Say What You Like About Republicans. We Stick To Our Convictions. Even When We Know We're Dead Wrong.")
ROFL, because you don't HAVE any dollars. That's why you politic right along with Howard Dean and the U.N. for free software for the world.
http://www.iosn.net/